fix(JWTToken): sign secret move to properties (#42)

Author: 2b3c511

backend/doc/deploy.md

@@ -29,6 +29,8 @@
 
 ![](image/配置文件.PNG)
 
+务必在application-prod.properties中设置jwt.sign.secret
+
 2 打包
 
 ![](image/打包.png)

backend/src/main/java/org/apache/iotdb/admin/tool/JJwtTool.java

@@ -24,36 +24,59 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.util.StringUtils;
 
+import java.util.ArrayList;
 import java.util.Date;
+import java.util.List;
 
 /** date:2022/12/6 author:yzf project_name:backend */
 @Slf4j
+@Configuration
+@ConfigurationProperties(prefix = "jwt.sign")
 public class JJwtTool {
-  private static String secret =
-      "HSyJ0eXAiOiJKV1QasdfffffffSd3g8923402347523fffasdfasgwaegwaegawegawegawegawetwgewagagew"
-          + "asdf23r23DEEasdfawef134t2fawt2g325gafasdfasdfiLCJhbGciOiJIUzI1NiJ9";
+
+  private static List<String> jwtCache = new ArrayList<>();
+  private static String secret;
+
+  public String getSecret() {
+    return secret;
+  }
+
+  public void setSecret(String payload) {
+    secret = payload;
+  }
 
   public static String generateToken(User user) {
     log.info("user=" + user.toString());
     Date now = new Date();
     //    Calendar instance = Calendar.getInstance();
     //    instance.add(Calendar.HOUR_OF_DAY, 24);
     Date expireDate = new Date(new Date().getTime() + (1000 * 60 * 60 * 10));
-    return Jwts.builder()
-        .setHeaderParam("type", "JWT")
-        .setSubject(user.getId() + "")
-        .setIssuedAt(now) // 签发时间
-        .claim("userId", user.getId())
-        .claim("name", user.getName())
-        .setExpiration(expireDate) // 过期时间
-        .signWith(SignatureAlgorithm.HS512, secret)
-        .compact();
+    String compact =
+        Jwts.builder()
+            .setHeaderParam("type", "JWT")
+            .setSubject(user.getId() + "")
+            .setIssuedAt(now) // 签发时间
+            .claim("userId", user.getId())
+            .claim("name", user.getName())
+            .setExpiration(expireDate) // 过期时间
+            .signWith(SignatureAlgorithm.HS512, secret)
+            .compact();
+    if (StringUtils.hasLength(compact) && !jwtCache.contains(compact)) {
+      jwtCache.add(compact);
+    }
+    return compact;
   }
 
   /** 解析token */
   public static Claims getClaimsByToken(String token) {
     try {
+      if (StringUtils.hasLength(token) && !jwtCache.contains(token)) {
+        return null;
+      }
       return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
     } catch (Exception e) {
       System.out.println("validate is token error");

backend/src/main/resources/application-dev.properties

@@ -36,4 +36,7 @@ spring.servlet.multipart.max-file-size=200MB
 spring.servlet.multipart.max-request-size=215MB
 
 # All files generated during CSV import and export are stored in this folder
-file.temp-dir=./tempFile
+file.temp-dir=./tempFile
+
+# token secret
+jwt.sign.secret = HSyJ0eXAiOiJKV1QasdfffffffSd3g8923402347523fffasdfasgwaegwaegawegawegawegawetwgewagagewasdf23r23DEEasdfawef134t2fawt2g325gafasdfasdfiLCJhbGciOiJIUzI1NiJ9

backend/src/main/resources/application-prod.properties

@@ -32,4 +32,7 @@ spring.servlet.multipart.max-file-size=200MB
 spring.servlet.multipart.max-request-size=215MB
 
 # All files generated during CSV import and export are stored in this folder
-file.temp-dir=./tempFile
+file.temp-dir=./tempFile
+
+# token secret
+jwt.sign.secret =

backend/src/main/resources/application-test.properties

@@ -30,4 +30,7 @@ spring.servlet.multipart.file-size-threshold=2KB
 spring.servlet.multipart.max-file-size=200MB
 spring.servlet.multipart.max-request-size=215MB
 
-file.temp-dir=./tempFile
+file.temp-dir=./tempFile
+
+# token secret
+jwt.sign.secret =